Press Release

BUSINESSES NEED CLEAR DATA BREACH STRATEGIES

Equifax provides advice for businesses as Information Commissioner criticises organisations that have lost consumer data

www.equifax.co.uk

London, November 2008 - Information Commissioner, Richard Thomas, has today published a list of organisations that have lost consumer data, in a crackdown on data security problems in both the public and private sectors. It's clear, therefore, that the issue of personal data security needs to come much higher up the agenda for many organisations and leading credit information provider, Equifax, believes that to protect their business, employees and customers, organisations need to develop a data breach response plan.

Neil Munroe, External Affairs Director, Equifax is urging firms to protect their customers from data breaches before proposed legislation forces their hand. In particular he believes that a more prepared and pro-active approach to customer communication and management when a breach does occur is required.

"Increased focus by the media, regulators and consumers, means the problem of data breaches isn't going to disappear for businesses" confirmed Neil Munroe. "The reality of the matter is that ID fraud has become an immensely sophisticated and lucrative crime. And as such, the issue of personal data security needs to come much higher up the agenda for all UK organisations.

"Data breaches can occur as a result of insider fraud, hacking or loss or theft of laptops and files. But no matter which way a data breach occurs, the consequences can be far-reaching and with the regulators now sitting up and taking note, negative press could be the least of an organisation's worries. "

A survey** conducted in 2007 revealed that 65% of those asked would never buy again from an organisation that did not keep their personal information safe. 52% said they would go out of their way to spread the word of an organisation's failings and 24% would consult a lawyer. These figures illustrate just how important customer confidence is in securing and maintaining a profitable relationship and how data breaches can seriously compromise this relationship. Indeed, 43% of people surveyed said that they want companies to explain their fraud protection policies, highlighting their growing awareness of the issue.

Equifax is therefore highlighting what it believes are two key components of a good Data Breach Plan:

Customer communication - In the event of a data breach, the future of an organisation rests on how well they maintain customer and employee trust. An organisation that takes the right steps, following a loss of data can regain the trust of employees and staff. Organisations need to write to affected parties as soon as possible to begin to repair any damage done. And it's not just a case of informing customers. They need to feel that their data - and their best interests - are at the heart of the organisation and, as such, businesses need to provide call centre and website contact points for customers, as well as access to general public information.

The Role of Protector - Free credit reports and monitoring services can go a long way to helping customers protect themselves from the risk of ID theft as a result of a breach. There are a wealth of services available that organisations can offer to customers and staff affected by a loss of data. As well as providing free credit reports as part of the initial communications activity, organisations can also offer alerts by email and SMS to include any changes to key data such as address, unauthorised searches, new accounts opened and Electoral Roll data, as well as offering advice to those consumers who believe they may have been, or could in the future be affected by ID fraud.

In addition some organisations are taking a very forward-thinking approach, by actually offering ID fraud monitoring services as an integral part of their customer acquisition strategy.

"The Information Commissioner's Office (ICO) and Financial Services Authority (FSA) are monitoring businesses and taking action where organisations are found lacking" concludes Neil Munroe. "In fact, the FSA has already highlighted the need for organisations to focus on the risk to their own business and the adverse publicity following data breaches. It has its eye on organisations that fail to notify customers that data has been compromised and increasingly expects them to offer customers advice on how to combat the risks of ID fraud.

"Clearly with the latest data breaches reported this week, there is a need to tighten up processes to protect data in the first place. But picking up the pieces and managing customer communications pro-actively and clearly also needs to be a clear focus for any business handling consumer data."

**Credit reference industry survey, conducted 2007

For further press information please contact: Margot Tomkinson, Jenny Staniforth, Cecile Stearn or Wendy Harrison at HSL on 020 8977 9132 / Fax: 020 8977 5200 or Email: margot@harrisonsadler.com

Global Site Navigation

About Equifax \ Contact Us

Corporate Navigation

Privacy Policy I Terms of Use I £2 Statutory Credit Report I Affiliates / Partners I Sitemap I

» About Equifax

> Company Profile

> Company Leadership

> Corporate Governance

> Careers

> News Room

> Press Releases

> Equifax in the news

> Press Contacts

» SOLUTIONS

> Business Services Logon

> Commercial Information Solutions

> Consumer Information Solutions

> Personal Information Solutions